Class: HackerOne::Client::Report

Inherits:

Object

• Object
• HackerOne::Client::Report

Defined in:

lib/hackerone/client/report.rb

Constant Summary

PAYOUT_ACTIVITY_KEY =

"activity-bounty-awarded"

CLASSIFICATION_MAPPING =

{
  "None Applicable" => "A0-Other",
  "Denial of Service" => "A0-Other",
  "Memory Corruption" => "A0-Other",
  "Cryptographic Issue" => "A0-Other",
  "Privilege Escalation" => "A0-Other",
  "UI Redressing (Clickjacking)" => "A0-Other",
  "Command Injection" => "A1-Injection",
  "Remote Code Execution" => "A1-Injection",
  "SQL Injection" => "A1-Injection",
  "Authentication" => "A2-AuthSession",
  "Cross-Site Scripting (XSS)" => "A3-XSS",
  "Information Disclosure" => "A6-DataExposure",
  "Cross-Site Request Forgery (CSRF)" => "A8-CSRF",
  "Unvalidated / Open Redirect" => "A10-Redirects"
}

Instance Method Summary

• #classification_label ⇒ Object

  Do our best to map the value that hackerone provides and the reporter sets to the OWASP Top 10.

• #created_at ⇒ Object
• #id ⇒ Object
• #initialize(report) ⇒ Report constructor

  A new instance of Report.

• #issue_tracker_reference_url ⇒ Object
• #payment_total ⇒ Object
• #reporter ⇒ Object
• #risk ⇒ Object

  Excludes reports where the payout amount is 0 indicating swag-only or no payout for the issue supplied.

• #summary ⇒ Object
• #title ⇒ Object
• #writeup_classification ⇒ Object

  Bounty writeups just use the key, and not the label value.

Constructor Details

#initialize(report) ⇒ Report

Returns a new instance of Report.

# File 'lib/hackerone/client/report.rb', line 22

def initialize(report)
  @report = report
end

Instance Method Details

#classification_label ⇒ Object

Do our best to map the value that hackerone provides and the reporter sets to the OWASP Top 10. Take the first match since multiple values can be set. This is used for the issue label.

# File 'lib/hackerone/client/report.rb', line 75

def classification_label
  owasp_mapping = vulnerability_types.map do |vuln_type|
    CLASSIFICATION_MAPPING[vuln_type[:attributes][:name]]
  end.flatten.first

  owasp_mapping || CLASSIFICATION_MAPPING["None Applicable"]
end

#created_at ⇒ Object

# File 'lib/hackerone/client/report.rb', line 34

def created_at
  attributes[:created_at]
end

#id ⇒ Object

# File 'lib/hackerone/client/report.rb', line 26

def id
  @report[:id]
end

#issue_tracker_reference_url ⇒ Object

# File 'lib/hackerone/client/report.rb', line 38

def issue_tracker_reference_url
  attributes[:issue_tracker_reference_url]
end

#payment_total ⇒ Object

# File 'lib/hackerone/client/report.rb', line 49

def payment_total
  payments.reduce(0) { |total, payment| total + payment_amount(payment) }
end

#reporter ⇒ Object

# File 'lib/hackerone/client/report.rb', line 42

def reporter
  relationships
    .fetch(:reporter, {})
    .fetch(:data, {})
    .fetch(:attributes, {})
end

#risk ⇒ Object

Excludes reports where the payout amount is 0 indicating swag-only or no payout for the issue supplied

# File 'lib/hackerone/client/report.rb', line 55

def risk
  case payment_total
  when HackerOne::Client.low_range || DEFAULT_LOW_RANGE
    "low"
  when HackerOne::Client.medium_range || DEFAULT_MEDIUM_RANGE
    "medium"
  when HackerOne::Client.high_range || DEFAULT_HIGH_RANGE
    "high"
  when HackerOne::Client.critical_range || DEFAULT_CRITICAL_RANGE
    "critical"
  end
end

#summary ⇒ Object

# File 'lib/hackerone/client/report.rb', line 68

def summary
  attributes[:vulnerability_information]
end

#title ⇒ Object

# File 'lib/hackerone/client/report.rb', line 30

def title
  attributes[:title]
end

#writeup_classification ⇒ Object

Bounty writeups just use the key, and not the label value.

# File 'lib/hackerone/client/report.rb', line 84

def writeup_classification
  classification_label().split("-").first
end